Forum Discussion
smp_86112
Cirrostratus
CirrostratusSSL Decryption with Wireshark - Cached Certificate?
I know it is possible to decrypt an HTTPS conversation between a client and a virtual server with Wireshark - I've done it before by specifying a couple of parameters in the SSL protocol preferences (...
hoolioCirrostratus
CirrostratusHi SMP,
As you say, in order for the SSL decryption to work, you have to capture the initial handshake. If you have control over the client, it would be better to clear the SSL cache on the client versus LTM. This will force the client to negotiate a new SSL session. Your decryption should then succeed. In IE, you can go to Tools | Options | Content | Clear SSL state. For Firefox, I think it's active logins that you can clear using Ctrl+Shift + Delete.
If you don't have control over the client, I think a 'b load' will clear the SSL cache on LTM. It would be a significant hit if you prevented LTM from caching SSL sessions, as I believe the initial SSL handshake is the most computationally expensive operation in the SSL conversation. If you still wanted to do this, I think you could set the client SSL profile's cache size to 0 sessions.
Aaron
